JP Morgan Case Study

Verified

Added on 2023/01/13

AI Summary

This case study analyzes the threats, system vulnerabilities, impact, and organizational response in the JP Morgan security breach.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

JP Morgan case study
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Threats involved..........................................................................................................................3
System vulnerability involved.....................................................................................................3
Impact of case..............................................................................................................................3
Organisational response...............................................................................................................3
2

Threats involved
The computer systems were infected with malware through which confidential data and
information were stolen. When security breach occurred, the security team of JP Morgan
evaluated entire situation. They looked into their network. Besides that, there were many threats
involved such as lack of policy, ineffective monitoring of systems and server, etc.
System vulnerability involved
It is stated that there were several system vulnerabilities involved that resulted in attack
on JP Morgan. First is there was no proper security in internal network. The employees were
allowed to access only 14% data. Moreover, the security policy was not briefly documented. In
addition to it, no VPN was installed in network that prevented unauthorized access. It led
increase in unnecessary traffic. Along with it, no vulnerability risk assessment was planned. The
servers and systems were not regularly scanned and authenticated. Thus, it did not lead to aware
employee or company regarding any threat or vulnerability.
Impact of case
It is analyzed that in 2014 employee of JP Morgan stole confidential data by log in into
system. By using a VPN, hacker accessed the network and controlled more than 90 servers. So, it
was observed that more than billion password and username were stolen. Confidential info such
as name, contact no. address, etc. of 76 million household and 7 million SME were stolen. Thus,
it led to negative impact on company brand image and security measures.
Similarly, many others companies such as US bullion at Fort Knox does not allow staff to
get close to gold reserve. The have installed high security measures like guard and sentry boxes.
It enables in protecting building.
Organisational response
In future organization can take various measures. They can install a host based intrusion
prevention system which will help in recognizing malware and stopping it. Moreover, by
integrating HIPS with firewall, anti virus software, etc. it will benefit in identifying suspicious
activity. Also, it has better accuracy than other network system. So, it will monitor as well as
block individual computer in network. Besides, it will block unnecessary traffic to enter into
network. Apart from it, JP Morgan can educate and train employees to deal with such situation.
Network security policies can be formed to deal with vulnerabilities and generating awareness
among staff. Network access control can be installed within network for its scanning. In addition,
3

high priority VLAN and NIDS can be implemented to monitor any malicious activity. Central
logging method can be applied which will assist in better log correlation and protecting log
destruction.
4